diff options
Diffstat (limited to 'shared')
40 files changed, 0 insertions, 1234 deletions
diff --git a/shared/1systems/test-all-krebs-modules/config.nix b/shared/1systems/test-all-krebs-modules/config.nix deleted file mode 100644 index 7ebcf3b50..000000000 --- a/shared/1systems/test-all-krebs-modules/config.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, pkgs, lib, ... }: -let - en = { enable = true;}; -in { - imports = [ - <stockholm/shared> - ]; - krebs = { - enable = true; - build.user = config.krebs.users.shared; - build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.test = {}; - apt-cacher-ng.enable = true; - backup.enable = true; - bepasty.enable = true; - # FIXME fast-tests / instantiate-test-all-modules fails at wolfbot - # http://wolf:8010/builders/fast-tests/builds/442 - #buildbot.master.enable = true; - buildbot.worker = { - enable = true; - username = "lol"; - password = "wut"; - }; - # XXX exim-retiolum and exim-smarthost are mutually exclusive - #exim-retiolum = { - # enable = true; - # primary_hostname = "test.r"; - #}; - exim-smarthost = { - enable = true; - primary_hostname = "test.r"; - system-aliases = [ { from = "dick"; to = "butt"; } ]; - }; - go.enable = true; - iptables = { - enable = true; - tables = {}; - }; - realwallpaper.enable = true; - tinc.retiolum.enable = true; - retiolum-bootstrap.enable = true; - tinc_graphs.enable = true; - urlwatch.enable = true; - fetchWallpaper = { - enable = true; - url ="localhost"; - }; - }; - # just get the system running - boot.loader.grub.devices = ["/dev/sda"]; - fileSystems."/" = { - device = "/dev/lol"; - }; -} diff --git a/shared/1systems/test-all-krebs-modules/source.nix b/shared/1systems/test-all-krebs-modules/source.nix deleted file mode 100644 index 58d72365f..000000000 --- a/shared/1systems/test-all-krebs-modules/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-all-krebs-modules"; -} diff --git a/shared/1systems/test-arch/config.nix b/shared/1systems/test-arch/config.nix deleted file mode 100644 index 453483d48..000000000 --- a/shared/1systems/test-arch/config.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - <stockholm/shared> - { - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/sda1"; - }; - } - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - ]; - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.test-arch; -} diff --git a/shared/1systems/test-arch/source.nix b/shared/1systems/test-arch/source.nix deleted file mode 100644 index ca2305684..000000000 --- a/shared/1systems/test-arch/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-arch"; -} diff --git a/shared/1systems/test-centos6/config.nix b/shared/1systems/test-centos6/config.nix deleted file mode 100644 index a81ff7c51..000000000 --- a/shared/1systems/test-centos6/config.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - - ip = "168.235.148.52"; - gw = "168.235.148.1"; -in { - imports = [ - <stockholm/shared> - <stockholm/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix> - { - networking.interfaces.enp11s0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = gw; - networking.nameservers = [ - "8.8.8.8" - ]; - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.test-centos6; -} diff --git a/shared/1systems/test-centos6/source.nix b/shared/1systems/test-centos6/source.nix deleted file mode 100644 index 0c7c78ec0..000000000 --- a/shared/1systems/test-centos6/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-centos6"; -} diff --git a/shared/1systems/test-centos7/config.nix b/shared/1systems/test-centos7/config.nix deleted file mode 100644 index 58f99e87c..000000000 --- a/shared/1systems/test-centos7/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - -in { - imports = [ - <stockholm/shared> - <stockholm/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix> - <stockholm/shared/2configs/temp/networking.nix> - <stockholm/shared/2configs/temp/dirs.nix> - ]; - - sound.enable = false; - krebs.build.host = config.krebs.hosts.test-centos7; -} diff --git a/shared/1systems/test-centos7/source.nix b/shared/1systems/test-centos7/source.nix deleted file mode 100644 index 5144477fe..000000000 --- a/shared/1systems/test-centos7/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-centos7"; -} diff --git a/shared/1systems/test-failing/config.nix b/shared/1systems/test-failing/config.nix deleted file mode 100644 index fb6a58397..000000000 --- a/shared/1systems/test-failing/config.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - <stockholm/shared> - ]; - programs.ssh.startAgent = true; - programs.ssh.startAgent = false; -} diff --git a/shared/1systems/test-failing/source.nix b/shared/1systems/test-failing/source.nix deleted file mode 100644 index 3e17d0b52..000000000 --- a/shared/1systems/test-failing/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-failing"; -} diff --git a/shared/1systems/test-minimal-deploy/config.nix b/shared/1systems/test-minimal-deploy/config.nix deleted file mode 100644 index eab703671..000000000 --- a/shared/1systems/test-minimal-deploy/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - imports = [ - <stockholm/shared> - ]; - krebs = { - enable = true; - build.user = config.krebs.users.shared; - build.host = config.krebs.hosts.test-all-krebs-modules; - }; - # just get the system to eval in nixos without errors - boot.loader.grub.devices = ["/dev/sda"]; - fileSystems."/" = { - device = "/dev/lol"; - }; -} diff --git a/shared/1systems/test-minimal-deploy/source.nix b/shared/1systems/test-minimal-deploy/source.nix deleted file mode 100644 index 2368cdd49..000000000 --- a/shared/1systems/test-minimal-deploy/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "test-minimal-deploy"; -} diff --git a/shared/1systems/wolf/config.nix b/shared/1systems/wolf/config.nix deleted file mode 100644 index 636f8e822..000000000 --- a/shared/1systems/wolf/config.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ config, pkgs, ... }: -let - shack-ip = config.krebs.build.host.nets.shack.ip4.addr; -in -{ - imports = [ - <stockholm/shared> - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/shared/2configs/collectd-base.nix> - <stockholm/shared/2configs/central-stats-client.nix> - <stockholm/shared/2configs/save-diskspace.nix> - - <stockholm/shared/2configs/cgit-mirror.nix> - <stockholm/shared/2configs/graphite.nix> - <stockholm/shared/2configs/repo-sync.nix> - <stockholm/shared/2configs/shared-buildbot.nix> - - <stockholm/shared/2configs/shack/worlddomination.nix> - <stockholm/shared/2configs/shack/drivedroid.nix> - # <stockholm/shared/2configs/shack/nix-cacher.nix> - <stockholm/shared/2configs/shack/mqtt_sub.nix> - <stockholm/shared/2configs/shack/muell_caller.nix> - <stockholm/shared/2configs/shack/radioactive.nix> - <stockholm/shared/2configs/shack/share.nix> - - ]; - # use your own binary cache, fallback use cache.nixos.org (which is used by - # apt-cacher-ng in first place) - - services.influxdb.enable = true; - - # local discovery in shackspace - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - services.grafana = { - enable = true; - addr = "0.0.0.0"; - users.allowSignUp = true; - users.allowOrgCreate = true; - users.autoAssignOrg = true; - auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; - }; - - nix = { - # use the up to date prism cache - binaryCaches = [ - "http://cache.prism.r" - "https://cache.nixos.org/" - ]; - binaryCachePublicKeys = [ - "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; - }; - - networking = { - firewall.enable = false; - firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ - address = shack-ip; - prefixLength = 20; - }]; - - defaultGateway = "10.42.0.1"; - nameservers = [ "10.42.0.100" "10.42.0.200" ]; - }; - - ##################### - # uninteresting stuff - ##################### - krebs.build.host = config.krebs.hosts.wolf; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" - ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; - # fallout of ipv6calypse - networking.extraHosts = '' - hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 - ''; - - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users.ulrich.pubkey - ]; - - time.timeZone = "Europe/Berlin"; - sound.enable = false; -} diff --git a/shared/1systems/wolf/source.nix b/shared/1systems/wolf/source.nix deleted file mode 100644 index d2bc4952a..000000000 --- a/shared/1systems/wolf/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "wolf"; -} diff --git a/shared/2configs/central-stats-client.nix b/shared/2configs/central-stats-client.nix deleted file mode 100644 index 0412eba9a..000000000 --- a/shared/2configs/central-stats-client.nix +++ /dev/null @@ -1,68 +0,0 @@ -{pkgs, config, ...}: -{ - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - LoadPlugin df - Interval 30.0 - - LoadPlugin interface - <Plugin "interface"> - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - </Plugin> - - LoadPlugin df - <Plugin "df"> - MountPoint "/nix/store" - # MountPoint "/run*" - # MountPoint "/sys*" - # MountPoint "/dev" - # MountPoint "/dev/shm" - # MountPoint "/tmp" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - </Plugin> - - LoadPlugin cpu - <Plugin cpu> - ReportByCpu true - ReportByState true - ValuesPercentage true - </Plugin> - - LoadPlugin network - <Plugin "network"> - Server "stats.makefu.r" "25826" - </Plugin> - - LoadPlugin curl - <Plugin curl> - <Page "smarthome"> - URL "http://smarthome.shack/"; - MeasureResponseTime true - </Page> - </Plugin> - ''; - }; -} diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix deleted file mode 100644 index c2326a5cc..000000000 --- a/shared/2configs/cgit-mirror.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - rules = with git; singleton { - user = [ wolf-repo-sync ]; - repo = [ stockholm-mirror ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; - - stockholm-mirror = { - public = true; - name = "stockholm-mirror"; - cgit.desc = "mirror for all stockholm branches"; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = false; - channel = "#retiolum"; - server = "ni.r"; - }; - }; - }; - - wolf-repo-sync = { - name = "wolf-repo-sync"; - mail = "spam@krebsco.de"; - # TODO put git-sync pubkey somewhere more appropriate - pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; - }; - -in { - krebs.users.wolf-repo-sync = wolf-repo-sync; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "Shared Repos"; - root-desc = "keep on krebsing"; - }; - }; - inherit rules; - repos.stockholm-mirror = stockholm-mirror; - }; -} diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix deleted file mode 100644 index 440f83fce..000000000 --- a/shared/2configs/collectd-base.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: - -# TODO: krebs.collectd.plugins -with import <stockholm/lib>; -let - connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" '' - LoadPlugin python - <Plugin python> - ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" - Import "collectd_connect_time" - <Module collectd_connect_time> - target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de" - interval 10 - </Module> - </Plugin> - ''; - graphite-cfg = pkgs.writeText "collectd-graphite.conf" '' - LoadPlugin write_graphite - <Plugin "write_graphite"> - <Carbon> - Host "heidi.shack" - Port "2003" - Prefix "retiolum." - EscapeCharacter "_" - StoreRates false - AlwaysAppendDS false - </Carbon> - </Plugin> - ''; -in { - imports = [ ]; - - nixpkgs.config.packageOverrides = pkgs: with pkgs; { - collectd = pkgs.collectd.override { python= pkgs.python; }; - }; - services.collectd = { - enable = true; - include = [ (toString connect-time-cfg) (toString graphite-cfg) ]; - }; - -} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix deleted file mode 100644 index 2146f42e8..000000000 --- a/shared/2configs/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -{ - krebs.enable = true; - krebs.tinc.retiolum.enable = true; - - # TODO rename shared user to "krebs" - krebs.build.user = mkDefault config.krebs.users.shared; - - networking.hostName = config.krebs.build.host.name; - - nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; - nix.useSandbox = true; - - environment.systemPackages = with pkgs; [ - git - rxvt_unicode.terminfo - ]; - - programs.ssh.startAgent = false; - - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - - users.mutableUsers = false; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO - config.krebs.users.lass.pubkey - config.krebs.users.makefu.pubkey - # TODO HARDER: - config.krebs.users.makefu-omo.pubkey - config.krebs.users.tv.pubkey - ]; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; - -} diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix deleted file mode 100644 index 64222e43a..000000000 --- a/shared/2configs/graphite.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ config, lib, pkgs, ... }: - -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) - -# TODO: krebs.graphite.minimal.enable -# TODO: configure firewall -with import <stockholm/lib>; -{ - imports = [ ]; - - services.graphite = { - api = { - enable = true; - listenAddress = "0.0.0.0"; - }; - carbon = { - enableCache = true; - # save disk usage by restricting to 1 bulk update per second - config = '' - [cache] - MAX_CACHE_SIZE = inf - MAX_UPDATES_PER_SECOND = 1 - MAX_CREATES_PER_MINUTE = 50 - MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001 - - LOG_CACHE_HITS = False - LOG_CACHE_QUEUE_SORTS = False - LOG_UPDATES = False - LOG_LISTENER_CONNECTIONS = False - LOG_CREATES = True - ''; - storageAggregation = '' - ''; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - - [radiation_sensor] - pattern = ^sensors\.radiation\. - retentions = 1m:30d,5m:180d,10m:3y - - [motion_sensors] - pattern = ^sensors\.motion\. - retentions = 1s:1h,60s:30d,300s:1y - - [motion_sensors] - pattern = ^retiolum\. - retentions = 10s:1h,30s:30d,300s:1y - - [homeassistant] - pattern = ^homeassistant\. - retentions = 10s:24h,30s:30d,300s:1y,3600s:5y - - [ara] - pattern = ^ara\. - retentions = 60s:30d,300s:1y - - [openweathermap] - pattern = ^weather\.openweathermap - retentions = 30m:30d,1h:5y - - [stadtklima] - pattern = ^weather\.stadtklima-stuttgart - retentions = 15m:30d,30m:5y - - [sensebox] - pattern = ^weather\.sensebox - retentions = 1m:90d,30m:5y - - [elchos] - pattern = ^elchos\. - retentions = 10s:14d,1m:90d,10m:5y - - [icinga_default] - pattern = ^icinga - retentions = 10s:14d,5m:90d,10m:5y - - [icinga_internals] - pattern = ^icinga.*\.(max_check_attempts|reachable|current_attempt|execution_time|latency|state|state_type) - retentions = 5m:7d - - [default] - pattern = .* - retentions = 60s:30d,300s:1y - ''; - }; - }; - systemd.services.carbonCache.serviceConfig.Restart="always"; - systemd.services.graphiteApi.serviceConfig.Restart="always"; -} diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix deleted file mode 100644 index b5ec722a0..000000000 --- a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix +++ /dev/null @@ -1,47 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/VolGroup/lv_root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - - swapDevices = [ - { device = "/dev/VolGroup/lv_swap"; } - ]; - - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; -} diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix deleted file mode 100644 index 168d1d97b..000000000 --- a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix +++ /dev/null @@ -1,47 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/centos/root"; - fsType = "xfs"; - }; - - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "xfs"; - }; - - swapDevices = [ - { device = "/dev/centos/swap"; } - ]; - - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; -} diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix deleted file mode 100644 index 637a26e3c..000000000 --- a/shared/2configs/repo-sync.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - krebs.repo-sync = let - # TODO addMirrorURL function - mirror = "git@wolf:stockholm-mirror"; - in { - enable = true; - repos.stockholm = { - branches = { - makefu = { - origin.url = http://cgit.gum/stockholm ; - mirror.url = mirror; - }; - tv = { - origin.url = http://cgit.ni.r/stockholm; - mirror.url = mirror; - }; - lassulus = { - origin.url = http://cgit.prism/stockholm ; - mirror.url = mirror; - }; - }; - latest = { - url = mirror; - ref = "heads/master"; - }; - }; - }; -} diff --git a/shared/2configs/save-diskspace.nix b/shared/2configs/save-diskspace.nix deleted file mode 100644 index ab074c750..000000000 --- a/shared/2configs/save-diskspace.nix +++ /dev/null @@ -1,11 +0,0 @@ -{lib, ... }: -# TODO: do not check out nixpkgs master but fetch revision from github -{ - environment.noXlibs = true; - nix.gc.automatic = true; - nix.gc.dates = lib.mkDefault "03:10"; - programs.info.enable = false; - programs.man.enable = false; - services.journald.extraConfig = "SystemMaxUse=50M"; - services.nixosManual.enable = false; -} diff --git a/shared/2configs/shack/bincache.nix b/shared/2configs/shack/bincache.nix deleted file mode 100644 index 9cd7fae23..000000000 --- a/shared/2configs/shack/bincache.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: -{ - nix.binaryCaches = [ - "http://wolf.shack:3142/nixos" - ]; -} diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix deleted file mode 100644 index 12e4a39c3..000000000 --- a/shared/2configs/shack/drivedroid.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -let - root = "/var/srv/drivedroid"; -in -{ - environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-drivedroid = { - serverAliases = [ - "drivedroid.shack" - ]; - # TODO: prepare this somehow - locations."/".extraConfig = '' - root ${root}; - index main.json; - ''; - }; - }; - - systemd.services.drivedroid-gen-repo = { - description = "generates drivedroid repo file"; - path = [ - pkgs.coreutils - pkgs.drivedroid-gen-repo - pkgs.inotify-tools - ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' - mkdir -p ${root}/repos - ''; - ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' - set -efu - cd ${root} - while sleep 60; do - if inotifywait -r .; then - drivedroid-gen-repo repos > main.json - fi - done - ''; - }; - }; -} diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix deleted file mode 100644 index a8427dde4..000000000 --- a/shared/2configs/shack/mqtt_sub.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - pkg = pkgs.stdenv.mkDerivation { - name = "mqtt2graphite-2017-05-29"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/mqtt2graphite/"; - rev = "117179d"; - sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44"; - }; - buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ - docopt - paho-mqtt - ])) - ]; - installPhase = '' - install -m755 -D sub.py $out/bin/sub - install -m755 -D sub2.py $out/bin/sub-new - ''; - }; -in { - systemd.services.mqtt_sub = { - description = "subscribe to mqtt, send to graphite"; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkg}/bin/sub-new"; - PrivateTmp = true; - }; - }; -} diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix deleted file mode 100644 index 2d8d78e33..000000000 --- a/shared/2configs/shack/muell_caller.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - pkg = pkgs.stdenv.mkDerivation { - name = "muell_caller-2017-06-01"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - requests2 - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D call.py $out/bin/call-muell - ''; - }; - cfg = "${toString <secrets>}/tell.json"; -in { - systemd.services.call_muell = { - description = "call muell"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStartPre = pkgs.writeDash "call-muell-pre" '' - cp ${cfg} /tmp/tell.json - chown nobody /tmp/tell.json - ''; - ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix deleted file mode 100644 index 8feeca9af..000000000 --- a/shared/2configs/shack/nix-cacher.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -let - cfg = config.krebs.apt-cacher-ng; -in -{ - imports = [ - ./bincache.nix - ]; - krebs.apt-cacher-ng = { - enable = true; - port = 3142; - bindAddress = "localhost"; - cacheExpiration = 30; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-nix-cacher = { - serverAliases = [ - "acng.shack" - ]; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:${toString cfg.port}/; - ''; - }; - }; -} diff --git a/shared/2configs/shack/radioactive.nix b/shared/2configs/shack/radioactive.nix deleted file mode 100644 index 378b54056..000000000 --- a/shared/2configs/shack/radioactive.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - pkg = pkgs.stdenv.mkDerivation { - name = "radioactive-2017-06-01"; - src = pkgs.fetchgit { - url = "https://github.com/makefu/nagios-radioactiveathome-plugins/"; - rev = "955f614"; - sha256 = "0ql6npl3n6shvij0ly6a52yjmf7dc31c5x29y927k9lvp8ygin20"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - requests2 - python - ])) - ]; - installPhase = '' - install -m755 -D add_many_points.py $out/bin/radioactive-add-many - ''; - }; -in { - systemd.services.radioactive = { - description = "radioactive"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStart = "${pkg}/bin/radioactive-add-many loop 60"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix deleted file mode 100644 index 247b9ee7d..000000000 --- a/shared/2configs/shack/share.nix +++ /dev/null @@ -1,38 +0,0 @@ -{config, ... }:{ - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - group = "share"; - description = "smb guest user"; - home = "/home/share"; - createHome = true; - }; - - networking.firewall.allowedTCPPorts = [ - 139 445 # samba - ]; - - networking.firewall.allowedUDPPorts = [ - 137 138 - ]; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/shared/2configs/shack/worlddomination.nix b/shared/2configs/shack/worlddomination.nix deleted file mode 100644 index d0f9f5fa6..000000000 --- a/shared/2configs/shack/worlddomination.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - pythonPackages = pkgs.python3Packages; - # https://github.com/chrysn/aiocoap - aiocoap = pythonPackages.buildPythonPackage { - name = "aiocoap-0.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; - propagatedBuildInputs = [ ]; - doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { - homepage = ""; - license = licenses.mit; - description = "Python CoAP library"; - }; - }; - LinkHeader = pythonPackages.buildPythonPackage { - name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; - propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { - homepage = ""; - license = licenses.bsdOriginal; - description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; - }; - }; - pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2017-06-10"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "72fc9b5"; - sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - LinkHeader - aiocoap - requests2 - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D backend/push_led.py $out/bin/push-led - install -m755 -D backend/loop_single.py $out/bin/loop-single - # copy the provided file to the package - install -m755 -D backend/wd.lst $out/${wdpath} - ''; - }; - wdpath = "/usr/worlddomination/wd.lst"; - esphost = "10.42.24.7"; # esp8266 - timeout = 10; # minutes -in { - systemd.services.worlddomination = { - description = "run worlddomination"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStart = "${pkg}/bin/push-led ${esphost} ${pkg}/${wdpath} loop ${toString timeout}"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix deleted file mode 100644 index 1d6883afe..000000000 --- a/shared/2configs/shared-buildbot.nix +++ /dev/null @@ -1,178 +0,0 @@ -{ lib, config, pkgs, ... }: -# The buildbot config is self-contained and currently provides a way -# to test "shared" configuration (infrastructure to be used by every krebsminister). - -# You can add your own test, test steps as required. Deploy the config on a -# shared host like wolf and everything should be fine. - -# TODO for all users schedule a build for fast tests -{ - # due to the fact that we actually build stuff on the box via the daemon, - # /nix/store should be cleaned up automatically as well - services.nginx.virtualHosts.build = { - serverAliases = [ "build.wolf.r" ]; - locations."/".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port}; - ''; - }; - - nix.gc.automatic = true; - nix.gc.dates = "05:23"; - networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ; - in { - secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; - workers = { - testworker = "krebspass"; - }; - change_source.stockholm = '' - stockholm_repo = '${stockholm-mirror-url}' - cs.append(changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, - project='stockholm', - pollinterval=60)) - ''; - scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=[ - # "full-tests", - "fast-tests", - "build-local" - ])) - ''; - fast-tests-scheduler = '' - # test everything real quick - sched.append(schedulers.AnyBranchScheduler( - treeStableTimer=10, - name="fast-all-branches", - builderNames=["fast-tests"])) - ''; - test-cac-infest-master = '' - # files everyone depends on or are part of the share branch - def shared_files(change): - r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)") - for file in change.files: - if r.match(file): - return True - return False - - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - fileIsImportant=shared_files, - treeStableTimer=60*60, # master was stable for the last hour - name="full-master", - builderNames=[ - # "full-tests", - "build-local" - ])) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - - env = { - "LOGNAME": "shared", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - - # prepare nix-shell - # the dependencies which are used by the test script - deps = [ "gnumake", "jq", "nix", - "(import <stockholm>).pkgs.populate", - "(import <stockholm>).pkgs.test.infest-cac-centos7" ] - # TODO: --pure , prepare ENV in nix-shell command: - # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", - "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", - "-p" ] + deps + [ "--run" ] - - # prepare addShell function - def addShell(factory,**kwargs): - factory.addStep(steps.ShellCommand(**kwargs)) - ''; - builder = { - fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: - addShell(f,name="build-{}".format(i),env=env, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - bu.append(util.BuilderConfig(name="fast-tests", - workernames=workernames, - factory=f)) - - ''; - # this build will try to build against local nixpkgs - # TODO change to do a 'local' populate and use the retrieved nixpkgs - build-local = '' - f = util.BuildFactory() - f.addStep(grab_repo) - - - bu.append(util.BuilderConfig(name="build-local", - workernames=workernames, - factory=f)) - ''; -# slow-tests = '' -# s = util.BuildFactory() -# s.addStep(grab_repo) -# -# # worker needs 2 files: -# # * cac.json -# # * retiolum -# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", workerdest="cac.json")) -# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", workerdest="retiolum.rsa_key.priv")) -# addShell(s, name="infest-cac-centos7",env=env, -# sigtermTime=60, # SIGTERM 1 minute before SIGKILL -# timeout=10800, # 3h -# command=nixshell + ["infest-cac-centos7"]) -# -# bu.append(util.BuilderConfig(name="full-tests", -# workernames=workernames, -# factory=s)) -# ''; - }; - enable = true; - web = { - enable = true; - }; - irc = { - enable = true; - nick = "wolfbot"; - server = "ni.r"; - channels = [ { channel = "retiolum"; } ]; - allowForce = true; - }; - extraConfig = '' - c['buildbotURL'] = "http://build.wolf.r/" - ''; - }; - - krebs.buildbot.worker = { - enable = true; - masterhost = "localhost"; - username = "testworker"; - password = "krebspass"; - packages = with pkgs; [ gnumake jq nix populate ]; - # all nix commands will need a working nixpkgs installation - extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; - }; -} diff --git a/shared/2configs/temp/dirs.nix b/shared/2configs/temp/dirs.nix deleted file mode 100644 index 958608a54..000000000 --- a/shared/2configs/temp/dirs.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } diff --git a/shared/2configs/temp/networking.nix b/shared/2configs/temp/networking.nix deleted file mode 100644 index 958608a54..000000000 --- a/shared/2configs/temp/networking.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } diff --git a/shared/3modules/default.nix b/shared/3modules/default.nix deleted file mode 100644 index 7fbdb77f4..000000000 --- a/shared/3modules/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -# TODO don't require 3modules -_: - -{ -} diff --git a/shared/6tests/data/secrets/grafana_security.nix b/shared/6tests/data/secrets/grafana_security.nix deleted file mode 100644 index 0967ef424..000000000 --- a/shared/6tests/data/secrets/grafana_security.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/shared/6tests/data/secrets/retiolum.rsa_key.priv b/shared/6tests/data/secrets/retiolum.rsa_key.priv deleted file mode 100644 index e69de29bb..000000000 --- a/shared/6tests/data/secrets/retiolum.rsa_key.priv +++ /dev/null diff --git a/shared/6tests/data/secrets/ssh.id_ed25519 b/shared/6tests/data/secrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..000000000 --- a/shared/6tests/data/secrets/ssh.id_ed25519 +++ /dev/null diff --git a/shared/default.nix b/shared/default.nix deleted file mode 100644 index 320e1a133..000000000 --- a/shared/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: -{ - imports = [ - ../krebs - ./2configs - ./3modules - ]; -} diff --git a/shared/source.nix b/shared/source.nix deleted file mode 100644 index 762a0c640..000000000 --- a/shared/source.nix +++ /dev/null @@ -1,19 +0,0 @@ -with import <stockholm/lib>; -host@{ name, secure ? false }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "shared"; - _file = <stockholm> + "/shared/1systems/${name}/source.nix"; -in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString <stockholm/shared/6tests/data/secrets>; - shared = "${getEnv "HOME"}/secrets/krebs/${host.name}"; - }; - stockholm.file = toString <stockholm>; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 - }; - } |